
Anatomy of a hack

February 28, 2010

1. Acquire target

2. Footprint the system

3. Gain entry to system

4. Escalate privileges

5. Exploit system resources

6. Leave backdoor for later

7. Clean up, get out, cover tracks

Risk management

· It’s not a matter of if a computer security breach will happen, it’s a matter of when, and how prepared you will be…

· Risk = (Cost of Asset) x (Vulnerability) x (Threat)

· Managing risk is like having the right amount of insurance

Types of Threats

· Interruption

o An asset of the system is destroyed or becomes unavailable or unusable

o Attack on availability

o Destruction of hardware

o Cutting of a communication line

o Disabling the file management system

· Interception

o An unauthorized party gains access to an asset

o Attack on confidentiality

o Wiretapping to capture data in a network

o Illicit copying of files or programs

· Modification

o An unauthorized party not only gains access but tampers with an asset

o Attack on integrity

o Changing values in a data file

o Altering a program so that it performs differently

o Modifying the content of messages being transmitted in a network

· Fabrication

o An unauthorized party inserts counterfeit objects into the system

o Attack on authenticity

o Insertion of spurious messages in a network

o Addition of records to a file

Links:

Penetration Testing.ppt

https://www.bestitdocuments.com/Samples